feat(acls): add support for forced tags
parent
9de9bc23f8
commit
cd1d10761f
2 changed files with 98 additions and 1 deletions
20
acls.go
20
acls.go
|
@ -2,6 +2,7 @@ package headscale
|
|||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
|
@ -251,7 +252,21 @@ func expandAlias(
|
|||
if strings.HasPrefix(alias, "tag:") {
|
||||
owners, err := expandTagOwners(aclPolicy, alias, stripEmailDomain)
|
||||
if err != nil {
|
||||
return ips, err
|
||||
if errors.Is(err, errInvalidTag) {
|
||||
for _, machine := range machines {
|
||||
for _, t := range machine.ForcedTags {
|
||||
if alias == t {
|
||||
ips = append(ips, machine.IPAddresses.ToStringSlice()...)
|
||||
}
|
||||
}
|
||||
}
|
||||
if len(ips) == 0 {
|
||||
return ips, fmt.Errorf("%w. %v isn't owned by a TagOwner and no forced tags are defined.", errInvalidTag, alias)
|
||||
}
|
||||
return ips, nil
|
||||
} else {
|
||||
return ips, err
|
||||
}
|
||||
}
|
||||
for _, namespace := range owners {
|
||||
machines := filterMachinesByNamespace(machines, namespace)
|
||||
|
@ -328,6 +343,9 @@ func excludeCorrectlyTaggedNodes(
|
|||
break
|
||||
}
|
||||
}
|
||||
if len(machine.ForcedTags) > 0 {
|
||||
found = true
|
||||
}
|
||||
if !found {
|
||||
out = append(out, machine)
|
||||
}
|
||||
|
|
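Review bot: In the `tag:` branch of expandAlias, `machine.ForcedTags` is consulted only when expandTagOwners fails with errInvalidTag, so a machine whose forced tag also has a tagOwners entry appears to be left out of the rule, while the third hunk's `len(machine.ForcedTags) > 0` check removes that same machine from namespace matching in excludeCorrectlyTaggedNodes. The likely result is a node that no ACL entry covers; matching forced tags before the owner lookup, and treating errInvalidTag as fatal only when nothing matched, would make the two hunks agree. The rewrite below also drops the `else` after `return`, stops scanning a machine's tags at the first match, and rewords the error string without sentence punctuation. This branch accepts ForcedTags as authoritative with no tagOwners check, so it is worth confirming that only an administrative action can write that field; the assignment is not visible here, and both function bodies continue outside the hunks.

```go
	if strings.HasPrefix(alias, "tag:") {
		// Forced tags are matched first so they apply whether or not the tag has owners.
		for _, machine := range machines {
			for _, t := range machine.ForcedTags {
				if alias == t {
					ips = append(ips, machine.IPAddresses.ToStringSlice()...)

					break
				}
			}
		}

		owners, err := expandTagOwners(aclPolicy, alias, stripEmailDomain)
		if err != nil {
			if !errors.Is(err, errInvalidTag) {
				return ips, err
			}
			if len(ips) == 0 {
				return ips, fmt.Errorf(
					"%w: %v is not owned by a TagOwner and no forced tags are defined",
					errInvalidTag,
					alias,
				)
			}

			return ips, nil
		}
		// NOTE: the owner expansion below may append a forced-tag machine a second time;
		// deduplicate there if callers need unique addresses.
		// … unchanged: per-namespace expansion over owners …
```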